Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 31 Dec 2015 11:21:59 -0500 (EST)
From: cve-assign@...re.org
To: ben@...adent.org.uk
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: mail-client/claws-mail-3.13.1: Stack Overflow - CVE needed?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> In conv_euctojis() the comparison is with outlen - 3, but each pass
> through the loop uses up to 5 bytes and the rest of the function may
> add another 4 bytes. The comparison should presumably be 
> '<= outlen - 9' or equivalently '< outlen - 8'.

Use CVE-2015-8708 for this additional issue that exists because
of an incomplete fix for CVE-2015-8614.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWhVWsAAoJEL54rhJi8gl583EP/Ar22NETcsAQunMB1xi81oyH
vkto+MAV1mgFL/eKrIoE0Khka+hUdF3N5YBF6GvNR2nV6bDigWurxyWpYZirXMp1
R5+SpbjsRoeqck/l7r9laILvZceudpiZwDcM60YQgwHjrUMRp82b/Xix7orIvctj
QKqaXvGKr4Uqb8ELOgMoewtcf3PtalLaXFwFzmAlbbVV52QTZlESwWXvVzM4Wde4
BM82WAT+mePcYzc4gt7525D0BXaPglBoqW/eOis22Xk0+26J3aU7MjWU2e9DY+mI
xN9UV0qRBUFK1wpmX0NsedzQkE7fFp3J5L1bzlmrVoFjWXEvZRdm8VyF9ql9XcE4
9jH0RKgCh8SWZJxsp1wZ0O7FRWLye2p23Pu+IBl6ZTQBDtfZJhdSpFnvD8b3ozcq
JmOuR00HngwYtPjvcwXSz5Uo80XBw7fY/7FUUVpYPioKqbnfyNT8Yqpf+3O5gAKu
15fRQ7/xxeE5RIM8tuXwI1UdguExWcF5EYijrOBtjnm2TamFhgeeDjhNnx7tpyVG
FmfOf2mHj8i1OooSnnG2xOzz6jeXZDXC+ILqj0P3ba6NK++vg67V/Ol/ps8Bnvm4
Jt1m3Cl9cHwePC7n49dxPBeNL1mY4B5YJEcuD0fsfA3znnG2ySvhdgguvW7+cTii
IlR4SKZFQqONyagYD9Zl
=xxDi
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ